
4 matches found

EUVD
added 14 hours ago, 5 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

AI score: 6
Exploits: 0, References: 3
OSV
added 2024/12/11 8:15 a.m., 6 views

AZL-54221 CVE-2024-11053 affecting package cmake for versions less than 3.30.3-3

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

CVSS: 3.4, AI score: 7, EPSS: 0.01351
Exploits: 1, References: 1
OSV
added 2024/11/06 8:15 a.m., 4 views

ALPINE-CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVSS: 6.5, AI score: 6.9, EPSS: 0.0197
Exploits: 1, References: 1
curl security advisories
added 2016/11/02 8:0 a.m., 5 views

invalid URL parsing with '#'

curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...

CVSS: 7.5, AI score: 7.3, EPSS: 0.05915
Exploits: 0, Affected Software: 2